Crafted TCP Packet Can Cause Denial of Service

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

The Cisco IOS Transmission Control Protocol (TCP) listener in certain
versions of Cisco IOS software is vulnerable to a remotely-exploitable
memory leak that may lead to a denial of service condition.
This vulnerability only applies to traffic destined to the Cisco IOS
device. Traffic transiting the Cisco IOS device will not trigger this
vulnerability.
Cisco has made free software available to address this vulnerability
for affected customers.

See also :

http://www.nessus.org/u?7468b1c7

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20070124-crafted-tcp.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: CISCO

Nessus Plugin ID: 48997 (cisco-sa-20070124-crafted-tcphttp.nasl)

Bugtraq ID:

CVE ID: CVE-2007-0479